3.2. Creating Policies

To meet these requirements, companies create and enforce policies. A policy is a statement that embodies the goals and behavior that the company wants to instill in its employees and business partners. Policies are not immutable. They can change as new regulatory requirements arrive, as the business goals of the company change, or as the corporate risk-tolerance level changes.

In theory, every policy should be followed (or an exception should be approved under the policy's own provisions for exceptions), and some form of remedial action should be prescribed for noncompliance with a given policy. In reality, though, not all policies are created alike. The policy that prohibits employees from bribing governmental officials ...

Source: Under Control: Governance Across the Enterprise (O’Reilly).